
Social login integration

I need to add social login to a site that already has a very simple user system: it only stores an email and a password, and that's about it. I need to add Facebook and Twitter login options, but I am having difficulty figuring out how to integrate that with the current system because it has a unique index on email. So when a user tries to log in using a social account, I first get their details and check if that email is already registered; if not, I register them automatically and then log them in, and subsequent login requests find the email and log in the user automatically.

The problem comes when a user has been registered through the ordinary registration form, then I could create a fake social media account using a given email and could then log into a user's account on that site simply because they didn't have a social media account using that email.

I suppose I could add a column "regMethod" that would indicate which registration method was used and make that a composite unique key (email, regMethod), with 0 being the native form, 1 Facebook, 2 Twitter, and compare that when logging a user in, but that seems rather hacky to me. Also, if a single user uses all login methods for some reason, they will have a number of accounts and not just a single account, which is a problem.

I am pretty sure there must be a better solution to that problem and someone has overcome it already so I feel like I would be reinventing the wheel trying to solve it. How is this done in reality?

A simple possible solution to your problem, which I've been using for a site that allows different types of login (local or with a Facebook account), was to separate the user account data from the authentication data by having separate tables for them.

First I had a table for the user data. You would then have two tables for possible authentication: one, LocalAuthentication, containing anything related to your local authentication method, like salt, password hashes, etc. Then you will also have the table FacebookAuthentication, and it only needs to contain a Facebook access token. Both of these tables need to reference the UserTable.

That way a single user could have multiple authentication to the same account.

Just add facebook_id and twitter_id to your users table. Then you'll have two choices:

  1. Each social account is a new account (no merging), you just have to create and persist a new user object.

  2. Once logged in (classic way: login / pwd), you give users the ability to link their account with social accounts. In that case, you have to update your user table.

Don't forget to store the facebook_id or the twitter_id you'll get when the user uses the API.
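One way to combine the two answers above, as an added example that is not part of the original posts: authentication data lives in separate tables, social logins are looked up by the provider's user id rather than by email, and an existing account is linked only from a session already signed in to it. The table names, function names and the `LinkRequired` exception are hypothetical, and the provider id and email are assumed to come from a provider response the site has already verified.

```python
import sqlite3

# Hypothetical schema: one users table, one table per kind of credential.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL);
CREATE TABLE local_auth (user_id INTEGER PRIMARY KEY REFERENCES users(id),
                         password_hash TEXT NOT NULL);
CREATE TABLE social_auth (provider TEXT NOT NULL, provider_uid TEXT NOT NULL,
                          user_id INTEGER NOT NULL REFERENCES users(id),
                          PRIMARY KEY (provider, provider_uid));
"""

class LinkRequired(Exception):
    """Email belongs to an existing account; the user must sign in to it first."""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def link_identity(db, user_id, provider, provider_uid):
    # Call only from a session that is already authenticated as user_id.
    db.execute("INSERT INTO social_auth VALUES (?, ?, ?)",
               (provider, provider_uid, user_id))

def social_login(db, provider, provider_uid, email):
    """Return the user id for a provider identity that has been verified."""
    # 1. The lookup key is the provider's stable user id, never the email.
    row = db.execute(
        "SELECT user_id FROM social_auth WHERE provider=? AND provider_uid=?",
        (provider, provider_uid)).fetchone()
    if row:
        return row[0]
    # 2. Unknown identity whose email matches an existing account:
    #    refuse to merge silently, ask the user to sign in and link instead.
    if db.execute("SELECT 1 FROM users WHERE email=?", (email,)).fetchone():
        raise LinkRequired(email)
    # 3. Brand-new user: create the account and attach the identity to it.
    user_id = db.execute("INSERT INTO users (email) VALUES (?)",
                         (email,)).lastrowid
    link_identity(db, user_id, provider, provider_uid)
    return user_id
```

A caller that catches `LinkRequired` would send the user to the normal login form and call `link_identity` after that login succeeds, so one account ends up with several login methods instead of several accounts.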
